MiSec Southfield Meetup April 14th 2016

We will kick things off this April with a lightning talk from Khalid Abutayeb presenting: A Red Teamers Lunch Box – Raspberry PIE Included

For our main speaker, we are excited to have our very own Mark Stanislav presenting: Hide Yo’ Kids: Hacking Your Family’s Connected Things

Abstract:
This presentation will cover security research on Internet-connected devices targeting usage by, or for, children. Mark will discuss the vulnerabilities he found during this research, including account takeovers, device hijacking, backdoor credentials, unauthorized file downloading, and dangerously out-of-date protocols & software. Devices discussed will include Internet-connected baby monitors, a GPS-enabled platform to track children, and even a Wi-Fi & Bluetooth-connected stuffed animal. Details about mobile reverse engineering, hardware hacking, network traffic analysis, and other research techniques will be presented to help others learn about methods to perform their own research.

Curious about how well your privacy and safety are being taken care of by IoT vendors? Interested in IoT security research and want to understand what flaws are being found in devices today? Skip the hype-only stunt hacking and come hear Mark discuss real-world examples of issues that actively threatened the privacy and safety of the families using connected devices. After all, if it ‘takes a village to raise a child’ it’s going to take a lot of hackers to secure them in the Internet of Things.

Bio:
Mark Stanislav is the Manager of Security Advisory Services at Rapid7. Mark has spoken internationally at over 100 events including RSA, DEF CON, SOURCE Boston, Codegate, SecTor, and THOTCON. Mark’s security research and initiatives have been featured by news outlets such as the Wall Street Journal, The Associated Press, CNET, Good Morning America, and Forbes. Mark is the co-founder of the Internet of Things security research initiative, BuildItSecure.ly. He is also the author of a book titled, “Two-Factor Authentication”.

Mark earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. During his time at EMU, Mark built the curriculum for two courses focused on Linux administration and taught as an Adjunct Lecturer for two years. Mark holds CISSP, Security+, Linux+, and CCSK certifications.

Please note: if you hadn’t heard it yet, below is the address of our new venue

 

Thursday, April 14th, at 7 pm
One Town Square
7th Floor, Suite 700
Southfield, MI 48076

MiSec Jackson Meetup April 12th 2016

Title: My experience with Cybati at Defcon
Speaker: Kate Vajda

Talk Summary:
We have Kate giving a talk on her experience trying to win hardware in the Defcon ICS village. She will be chatting about some of the tools she discovered and how she figured out how to utilize the Cybati framework.

Bio: Kate Vajda is a long time computer enthusiast.

Tuesday, March 8th, at 7 pm
Consumers Energy
One Energy Plaza`
Jackson, MI 49201

Please use the Francis Street parking deck.

MiSec Southfield Meetup March 10th

For our first OWASP of the year, this month Josh Little is presenting Walk the Line: Breaking Access Control Models


Abstract:
In this talk, professional pentester Josh Little will discuss common features of web application access control models and strategies for performing manual verification of their effectiveness. He may also actually say something funny, so if you’re not into access control models, at least come for that. If you’re not into the whole brevity thing, you’ve come to the right place.


Bio:
Josh is a 17-year IT, development, and security professional and currently leads the testing practice at VioPoint.


Lightening talk:
John T Chihan Jr. is presenting Device Interaction Evolution


Abstract:
This talk will be on how our interactions between our devices has evolved and what communication between us and our devices will look like in the near future.

This is our first month at the new #misec Southfield venue:
Thursday, March 10th at 7 PM
26100 Northwestern Highway
Suite 700
Southfield, Michigan, 48076

MiSec Jackson Meetup March 8th 2016

Title: Better life through Models

Abstract:

Models play a major role in our lives – we start using them as an infant to understand everything from motor skills to social constructs, and continue using them throughout our lives as we develop. We will look at the impact models can have on skills development, security program development, and even dealing with/planning for/analyzing specific threat scenarios. To do this we’ll dive into the good and bad of various models at work in the industry today, have a few laughs, and discuss the characteristics that make said models valuable from different angles.

 

Bio:

Steven D. Legg (@ZenM0de) is a Security Strategy Consultant for eSentire. Bringing more than 16 years of experience with everything from designing nationwide multimedia distribution networks to directing teams and building businesses, Steven now spends his time assessing, coaching, and building frameworks. Steven is also a developer for the PoshSec project, host of #misec Southfield, and father to an awesome daughter.

 

Tuesday, March 8th, at 7 pm
Consumers Energy
One Energy Plaza`
Jackson, MI 49201

Please use the Francis Street parking deck.

MiSec Southfield Meetup February 11th – Cancelled

#misec Southfield will not be meeting this month as we prepare our new venue for March’s meetup.

 

Stay tuned for address/info!

MiSec Jackson Meetup February 9th 2016

This month we will be hosting another round of Lighting talks! The talks are anywhere from 10 to 15 minutes in length.

Lighting Talk Topics for Tuesday:
RFID!                By Josh
IPV6                  By Samuel Bradstreet
The EVILbit!   By daniel Ebbutt
TLS!                  By James

If you have a topic you would like to present then come on out and wing it this Tuesday night!

Tuesday, February 9th, at 7 pm
Consumers Energy
One Energy Plaza`
Jackson, MI 49201

Please use the Francis Street parking deck.

MiSec Southfield Meetup January 14th

This month, Jeremy Nielson will present: Red Team Follies.

Or, “How I learned to stop worrying and detect pentester’s mistakes”. Are you tired of hearing how the penetration testers totally pwned another network? Join Jeremy as we laugh at some real Red Team mistakes, and look at ways you can detect and respond to those pentesters before they ruin your weekend!

Lightening Talk:

Chris Jensen will be presenting Remote Surgery: Vulnerabilities Exposed. This talk covers a high level view of security concerns and possible solutions.

Thursday, January 14th, at 7 pm
300 Galleria Officentre, Suite 103
Southfield, MI 48034

MiSec Jackson Meetup December 8th 2015

This Tuesday we will have Keith Axtell speaking on the Art of Packet Capture and Analysis! The talk will start off with some of the basics of packet capture and analysis and move on to move advanced topics.

Tuesday, November 10th, at 7 pm
Consumers Energy
One Energy Plaza`
Jackson, MI 49201

Please use the Francis Street parking deck.

MiSec Southfield Meetup December 10th 2015

December is here – which means we’re rounding out the year with OWASP!

 

Nicholas Richardson will be presenting: “Convincing Your Clients  (Without Sacrificing Security)”

Abstract:
When it comes to software development businesses continue to push for user friendly solutions delivered quicker. Juggling the business pressure of delivery and ease of use, while maintaining some semblance of security can be daunting. This talk will focus on how to work with your customers to ensure their needs from usability and velocity, and our needs for security can be both be achieved.

Bio:
Nicholas Richardson has spent over 10 years in the IT field across a range of disciplines. Nick’s experience includes public schools, private outsourced IT, and in-house Technology teams. Presently Nick is a Director of Rapid Application Development for Title Source, where he leads teams including training, support, and software development. At his previous company he served as a Director of Operations building a helpdesk and network operations center, and implementing technical solutions such as private clouds, networks, servers, and various services.

 

Lightening Talk:

Joseph Ciaravino will be presenting: The Good, The Bad, The Endpoint Protection

 

Thursday, December 10th, at 7 pm
300 Galleria Officentre, Suite 103
Southfield, MI 48034

Capture the Flag – #misec RuCTFE 2015 is starting soon!

We are mere hours away from the start of RuCTFE 2015 – #misec is looking forward to hacking the planet with some cool folks!

 

If you are interested and did not already grab a ticket, do so here. Registration is required for entry.

Please bring your laptop, which should have a functional physical Ethernet connection, and should not contain any data you are concerned with losing. This machine should have a hardened OS installed (or running from external boot media/VM) along with any tools you require.

We are looking forward to seeing everyone out at the game!

Our team will be playing from our usual #misec Southfield venue:

Saturday, November 21st, at 4:30 am
300 Galleria Officentre, Suite 103
Southfield, MI 48034

Return top

About MichSec.org

We are a collective of Michigan based information security professionals (or maybe just people interested in security) looking to share knowledge and make the world a safer place.